Communication system, information processing apparatus, method and computer program

ABSTRACT

The present invention provides easy and prompt initiation of wireless communications in which security is ensured requiring additional hardware. A connection button of a PDA or first device is operated and a connection request is broadcast. If the PDA and a portable phone are in near each other, and a reception intensity of the connection request is equal to or higher than a threshold value, a request of the PDA is granted by the portable phone. Then, an encryption key is newly generated by the portable phone, and is transmitted to the PDA. An encryption key and communication parameter transmitted from the portable phone are acquired. Encrypted communications using the encryption key generated by the portable phone are established based on the communication parameter.

CROSS REFERENCES TO RELATED APPLICATIONS

The subject matter of application Ser. No. 10/976,272, is incorporatedherein by reference. The present application is a Continuation of U.S.Ser. No. 10/976,272, filed Oct. 28, 2004, now U.S. Pat. No. 8,345,881,issued Jan. 1, 2013, which claims priority to Japanese PatentApplication No. JP2003-373312, filed in the Japanese Patent Office onOct. 31, 2003, the entire contents of which being incorporated herein byreference to the extent granted by law.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a communication system, informationprocessing apparatus and method, and a computer program, andparticularly to a communication system, information processing apparatusand method, and a computer program capable of easily and promptlystarting wireless communications in which security is ensured withoutadditional hardware.

2. Related Art

In recent years, electronics devices equipped with a wirelesscommunication function typically in accordance with the IEEE (Instituteof Electrical and Electronics Engineers) 802.11 communications standardand the Bluetooth (Bluetooth (registered trademark)) communicationsstandard have been widely used.

Information which needs to be kept confidential, such as informationrelating with privacy etc., is also transmitted and received betweenapparatuses having the above-mentioned wireless communication function,so that there is a need for security countermeasures to prevent a thirdparty from intercepting, falsifying such information and carrying outunauthorized network access.

For example, in the IEEE 802.11 communications standard, a userregisters beforehand a secret key called a WEP (Wired EquivalentPrivacy) key with a device for communicating, and performs encryptedcommunications by using the WEP key, to thereby secure safety of thecommunications. Further, a digital certificate is issued beforehand soas to authenticate a device of a communication counterpart by using thecertificate at the time of starting communications, to thereby determinewhether it is a right communication counterpart or not, and securesafety.

By the way, if registration of information on such a key and issue ofthe certificate are always performed beforehand in order to securesafety, it is not possible to promptly respond to switching ofconnection parties of wireless communications. It is not possible topromptly respond to temporary connections, such as for example,connecting two portable devices temporarily by radio so as to transmit acertain file, connecting a digital camera temporarily by radio with aprinter installed in a store so as to print imaged photographs,connecting a video camera with a portable phone temporarily by radio soas to remotely control the video camera by using the portable phone,etc.

Then, in order to specify a connection party easily, and to promptlystart wireless communications with a specified device, JapaneseLaid-Open Patent Application No 2002-204239, for example, discloses thata portable phone having a built-in RF tag is brought into proximity witha personal computer having a built-in reader/writer, so thatidentification information data of both devices are transmitted andreceived between the RF tag and the reader/writer. Then, the Bluetoothcommunications are established between the portable phone and thepersonal computer, based on the transmitted and received identificationinformation data.

Further, it has been proposed conventionally that a secret key is sharedbetween two devices in short distance wireless communications by meansof the RF tag and the reader/writer or in short distance wirelesscommunications by means of infrared modules provided in both thedevices. Therefore, for example, the Bluetooth communicationsestablished in such a way as to be disclosed in Patent Document 1 areencrypted by using the secret key which is transmitted and received inthe short distance wireless communications, so that the user may onlybring both the devices into proximity with each other so as to promptlystart the Bluetooth communications in which the security is ensured.

SUMMARY OF THE INVENTION

However, as described above, in order to transmit and receive theidentification information data and the secret key between both thedevices, it is necessary for both the devices to be provided with shortdistance wireless communication modules, such as the RF tag, thereader/writer, or the infrared module, in addition to the wirelesscommunication module, such as the Bluetooth communications etc., whichcan perform communications even in a relatively distant position.

Therefore, although the RF tag, the infrared module, etc. are only forestablishing the Bluetooth communications etc. by means of the wirelesscommunication module provided in addition to them, it is necessary toprepare them for causing the Bluetooth communication etc. to startpromptly only by bringing the devices into proximity to each other,which increases the cost accordingly.

The present invention has been conceived in view of a situation asdescribed above, and aims to granting easy and prompt start of thewireless communications in which security is ensured without additionalhardware, such as the RF tag and the infrared module.

A first information processing apparatus of a communication system inaccordance with the present invention includes: a first transmissionmeans or transmitter for wirelessly broadcasting a connection requestcontaining a public key; a first reception means or receptor forreceiving a key information which is transmitted wirelessly from asecond information processing apparatus for judging a receptionintensity of an electromagnetic wave which conveys the connectionrequest broadcast by the first transmission means is higher than apreset threshold value, the key information being generated by thesecond information processing apparatus and encrypted by the public key;and a first establishment means for decrypting the key informationreceived by the first reception means by using a secret keycorresponding to the public key and so that wireless communicationsencrypted by the key information may be established with the secondinformation processing apparatus.

Further, a second information processing apparatus of the communicationsystem in accordance with the present invention includes: a secondreception means or receptor for receiving a connection requesttransmitted from the first information processing apparatus; ageneration means or generator for generating a key information when areception intensity of an electromagnetic wave which conveys theconnection request is higher than a preset threshold value; a secondtransmission means for encrypting by means of a public key andtransmitting to the first information processing apparatus the keyinformation generated by the generation means; and a secondestablishment means for establishing wireless communication, encryptedby the key information, with the first information processing apparatus.

The first information processing apparatus of the present inventionfurther includes: a transmission means or transmitter for wirelesslybroadcasting a connection request containing a public key; a receptionmeans or receptor for receiving a key information wirelessly transmittedfrom another information processing apparatus which judges a receptionintensity of an electromagnetic wave for conveying the connectionrequest broadcast by the transmission means is higher than a presetthreshold value, the key information being generated by the otherinformation apparatus and encrypted by the public key; and anestablishing means for decrypting the key information received by thereception means by using a secret key corresponding to the public key soas to establish wireless communications encrypted by the key informationwith the other information processing apparatus, wherein theestablishing means establishes the wireless communications with theother information processing apparatus when the reception intensity ofthe electromagnetic wave which conveys the key information transmittedfrom the other information processing apparatus is higher than thepreset threshold value.

A first information processing method in accordance with the presentinvention includes: a transmission step of wirelessly broadcasting aconnection request containing a public key; a reception step ofreceiving a key information wirelessly transmitted from anotherinformation processing apparatus which judges a reception intensity ofan electromagnetic wave for conveying the connection request broadcastby processing the transmission step is higher than a preset thresholdvalue, the key information being generated by the other informationprocessing apparatus and encrypted by means of the public key; and anestablishment step of decrypting the key information received byprocessing the reception step by using a secret key corresponding to thepublic key so as to establish wireless communication, encrypted by thekey information, with the other information processing apparatus,wherein by processing the establishment step, the wirelesscommunications are established with the other information processingapparatus when the reception intensity of the electromagnetic wave whichconveys the key information transmitted from the other informationprocessing apparatus is higher than the preset threshold value.

A first computer program of the present invention includes: atransmission step of wirelessly broadcasting a connection requestcontaining a public key; a reception step of receiving a key informationtransmitted wirelessly from another information processing apparatuswhich judges a reception intensity of an electromagnetic wave forconveying a connection request broadcast by processing the transmissionstep is higher than a preset threshold value, the key information beinggenerated by the other information processing apparatus and encrypted bymeans of the public key; and an establishment step of decrypting the keyinformation, received by processing the reception step, by using thesecret key corresponding to the public key so as to establish wirelesscommunications encrypted by means of the key information with the otherinformation processing apparatus, wherein by processing theestablishment step, the wireless communications are established with theother information processing apparatus when the reception intensity ofthe electromagnetic wave which conveys the key information transmittedfrom the other information processing apparatus is higher than thepreset threshold value.

A second information processing apparatus of the present inventionincludes: a reception means for receiving a connection requestcontaining a public key transmitted from another information processingapparatus; a generation means for generating a key information when areception intensity of an electromagnetic wave which conveys theconnection request is higher than a preset threshold value; atransmission means for encrypting the key information, generated by thegeneration means, by means of the public key so as to transmit it to theother information processing apparatus; and an establishment means forestablishing wireless communications encrypted by means of the keyinformation with the other information processing apparatus.

The generation means can generate different key information each time anelectromagnetic wave which conveys the connection request is received atreception intensity higher than the preset threshold value.

A second information processing method of the present inventionincludes: a reception step of receiving a connection request containinga public key transmitted from another information processing apparatus;a generation step of generating a key information when a receptionintensity of an electromagnetic wave which conveys the connectionrequest is higher than a preset threshold value; a transmission step ofencrypting the key information, generated by processing the generationstep, by means of the public key so as to transmit it to anotherinformation processing apparatus; and an establishment step ofestablishing wireless communication, encrypted by means of the keyinformation, with the other information processing apparatus.

A second computer program of the present invention includes: a receptionstep of receiving a connection request containing a public keytransmitted from another information processing apparatus; a generationstep of generating a key information when a reception intensity of anelectromagnetic wave which conveys the connection request is higher thana preset threshold value; a transmission step for encrypting by means ofa public key and transmitting to the information processing apparatusthe key information generated by the generation step; and anestablishment step of establishing wireless communications encrypted bythe key information with the other information processing apparatus.

A third information processing apparatus of the present inventionincludes: a reception means for receiving a connection requestcontaining a public key transmitted from another information processingapparatus; a generation means for generating a key information when areception intensity of an electromagnetic wave which conveys theconnection request is higher than a preset threshold value; a firsttransmission means for encrypting the key information, generated by thegeneration means, by means the public key so as to transmit theencrypted key information to the other information processing apparatustogether with an information data for connecting to a communicationmanagement device which manages wireless communication; and a secondtransmission means for transmitting the key information generated by thegeneration means to the communication management device by wire.

A third information processing method of the present invention includes:a reception step of receiving a connection request containing a publickey transmitted from another information processing apparatus; ageneration step of generating a key information when a receptionintensity of an electromagnetic wave which conveys the connectionrequest is higher than a preset threshold value; a first transmissionstep of encrypting the key information, generated by processing thegeneration step, by means of the public key so as to transmit theencrypted key information to the other information processing apparatustogether with an information data for connecting to a communicationmanagement device which manages wireless communication; and a secondtransmission step of transmitting the key information generated byprocessing the generation step to the communication management device bywire.

A third computer program of the present invention includes: a receptionstep of receiving a connection request containing a public keytransmitted from another information processing apparatus; a generationstep of generating a key information when a reception intensity of anelectromagnetic wave which conveys the connection request is higher thana preset threshold value; a first transmission step of encrypting thekey information, generated by processing the generation step, by meansof the public key so as to transmit the encrypted key information to theother information processing apparatus together with an information datafor connecting to a communication management device which manageswireless communication; and a second transmission step of transmittingthe key information generated by processing the generation step to thecommunication management device by wire.

In the communication system of the present invention, the connectionrequest containing the public key is broadcast wirelessly means, the keyinformation is received which is transmitted wirelessly from the secondinformation processing apparatus for judging the reception intensity ofthe electromagnetic wave for conveying the broadcast connection requestis higher than the preset threshold value, the key information beinggenerated by the second information processing apparatus and encryptedby means of the public key. Further, the received key information isdecrypted by using the secret key corresponding to the public key. Thewireless communications encrypted by the key information is establishedwith the second information processing apparatus. Further, when theconnection request transmitted from the first information processingapparatus is received and the reception intensity of the electromagneticwave which conveys the connection request is higher than the presetthreshold value, then the key information is generated. The generatedkey information is encrypted by means of the public key so as to betransmitted to the first information processing apparatus, whereby thewireless communications encrypted by means of the key information isestablished with the first information processing apparatus.

In the first information processing apparatus and the first informationprocessing method, and the first computer program of the presentinvention, the connection request containing the public key is broadcastwirelessly means, and the key information is received which iswirelessly transmitted from another information processing apparatus forjudging the reception intensity of the electromagnetic wave forconveying the broadcast connection request is higher than the presetthreshold value, the key information being generated by the otherinformation processing apparatus and encrypted by means of the publickey. Further, the received key information is decrypted by using thesecret key corresponding to the public key, and the wirelesscommunications encrypted by the key information is established with theother information processing apparatus.

Establishment of the wireless communications is realized with the otherinformation processing apparatus, when the reception intensity of theelectromagnetic wave which conveys the key information transmitted fromthe other information processing apparatus is higher than the presetthreshold value.

In the second information processing apparatus and the secondinformation processing method, and the second computer program of thepresent invention, when the connection request is received whichcontains the public key transmitted from another information processingapparatus, and when the reception intensity of the electromagnetic wavewhich conveys the connection request is higher than the preset thresholdvalue, then the key information is generated. Further, the generated keyinformation is encrypted by means of the public key so as to betransmitted to another information processing apparatus, whereby thewireless communications encrypted by means of the key information isestablished with another information processing apparatus.

In the third information processing apparatus and the third informationprocessing method, and the third computer program of the presentinvention, when the connection request is received which contains thepublic key transmitted from another information processing apparatus,and when the reception intensity of the electromagnetic wave whichconveys the connection request is higher than the preset thresholdvalue, then the key information is generated. Further, the generated keyinformation is encrypted by means of the public key, and the encryptedkey information is transmitted to another information processingapparatus together with the information data for connecting to thecommunication management device which manages the wirelesscommunications. The generated key information is transmitted to thecommunication management device by wire.

Therefore, according to a preferred embodiment of the present invention,it is possible to start wireless communications easily and promptly.

Further, according to a preferred embodiment of the present invention,it is possible to secure wireless communications in which security isensured, without requiring a complicated setup.

Furthermore, according to a preferred embodiment of the presentinvention, it is possible to prevent the wireless communications frombeing performed with a device which is not intended by a user.

The above and other objects, features and advantages of the presentinvention will become more apparent from the following description ofthe presently preferred exemplary embodiments of the invention taken inconjunction with the accompanying drawings, in which:

FIG. 1A and FIG. 1B are views showing a procedure of establishing ad hoccommunications;

FIG. 2 is a block diagram showing an example of a structure of a PDA;

FIG. 3 is a block diagram showing an example of a functional structureof the PDA;

FIG. 4 is a flow chart for explaining a wireless communicationestablishment process performed by the PDA and a portable phone of FIG.1;

FIG. 5 is a flow chart for explaining an example of a process in FIG. 4;

FIG. 6 is a flow chart for explaining another wireless communicationestablishment process performed by the PDA and the portable phone ofFIG. 1;

FIGS. 7A and 7B are views showing a procedure of establishinginfrastructure communications;

FIG. 8 is a block diagram showing an example of a structure of an accesspoint;

FIG. 9 is a flow chart for explaining a process performed by the PDA andthe access point;

FIGS. 10A and 10B are views showing a procedure of establishing theinfrastructure communications by bringing a device into proximity to adummy point;

FIG. 11 is a block diagram showing an example of a structure of theaccess point and the dummy point;

FIG. 12 is a flow chart for explaining a communication establishmentprocess performed by the PDA, the access point, and the dummy point;

FIG. 13 is a view showing an example of a structure of a communicationsystem to which the present invention is applied;

FIGS. 14A and 14B are views showing an example of a spatial relationshipbetween the dummy point and the PDA;

FIG. 15 is a flow chart for explaining a process at the access point;and

FIG. 16 is a view showing a situation where a portable dummy point and apersonal computer are in proximity to each other.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS OF THE PRESENTINVENTION

Hereafter, preferred embodiments of the present invention will bedescribed. The description is for confirming that the preferredembodiments which support the invention recited in a claim is describedin the present specification. Therefore, if there is an embodiment whichis described in the preferred embodiments of the invention and notdescribed herein as one corresponding to the invention, it does not meanthat the embodiment does not correspond to the invention. In contrast,if the embodiment is described as one corresponding to the invention, itdoes not mean that the embodiment does not correspond to any inventionother than the presently described invention.

Further, this description does not mean the entire invention asdescribed in the present specification. In other words, this descriptiondoes not deny existence of the invention which is described in thepresent specification but not claimed in this application, i.e.existence of the invention to be divided into a divisional applicationor to be added through amendments in the future.

According to a preferred embodiment of the present invention, acommunication system is provided. The communication system is acommunication system which includes a first information processingapparatus (for example, a PDA 1 of FIG. 1A) and a second informationprocessing apparatus (for example, a portable phone 2 of FIG. 1A, anaccess point 51 of FIG. 7A). The first information processing apparatusincludes: a first transmission means (for example, a connection requesttransmission unit 41 of FIG. 3) for wirelessly broadcasting a connectionrequest containing a public key (for example, the public key Pkgenerated in step S2 of FIG. 4); a first reception means (for example, awireless communication control unit 31 of FIG. 3 for performing aprocess of step S4 of FIG. 4) for receiving key information (forexample, a session key S) transmitted wirelessly from theabove-mentioned second information processing apparatus (for example, aportable phone 2 of FIG. 1A) which judges a reception intensity of anelectromagnetic wave for conveying the above-mentioned connectionrequest broadcast by the above-mentioned first transmission means ishigher than a preset threshold value, a key information being generatedby the above-mentioned second information processing apparatus andencrypted by the above-mentioned public key; and a first establishmentmeans (for example, the wireless communication control unit 31 of FIG. 3for performing a process in step S6 of FIG. 4) for decrypting theabove-mentioned key information received by the above-mentioned firstreception means by using a secret key (for example, a secret key Skgenerated in step S2 of FIG. 4) corresponding to the above-mentionedpublic key so as to establish wireless communications (for example,wireless communications in accordance with the IEEE 802.11communications standard or the Bluetooth communications standard),encrypted by the above-mentioned key information, with theabove-mentioned second information processing apparatus.

Further, the second information processing apparatus includes: a secondreception means (for example, the wireless communication control unit 31of FIG. 3 for performing a process in step S21 of FIG. 4) for receivingthe above-mentioned connection request transmitted from theabove-mentioned first information processing apparatus; a generationmeans for generating the above-mentioned key information (for example,key information management unit 34 of FIG. 3) when the receptionintensity of an electromagnetic wave for conveying the above-mentionedconnection request is higher than a preset threshold value; a secondtransmission means (for example, the wireless communication control unit31 of FIG. 3 for performing a process in step S26 of FIG. 4) forencrypting the above-mentioned key information, generated by theabove-mentioned generation means, by means of the above-mentioned publickey so as to transmit key information to the above-mentioned firstinformation processing apparatus; and a second establishment means (forexample, the wireless communication control unit 31 of FIG. 3 forperforming a process in step S27 of FIG. 4) for establishing wirelesscommunications, encrypted by means of the above-mentioned keyinformation (for example, a wireless communications in accordance withthe IEEE 802.11 communications standard or the Bluetooth communicationsstandard), with the above-mentioned first information processingapparatus.

Also, according to a preferred embodiment of the present invention, afirst information processing apparatus is provided. The informationprocessing apparatus (for example, the PDA 1 of FIG. 1A) includes: atransmission means (for example, the connection request transmissionunit 41 of FIG. 3) for wirelessly broadcasting a connection requestcontaining a public key (for example, the public key Pk generated instep S2 of FIG. 4); a reception means (for example, the wirelesscommunication control unit 31 of FIG. 3 for performing a process in stepS4 of FIG. 4) for receiving key information (for example, the sessionkey S) transmitted wirelessly from another information processingapparatus (for example, the portable phone 2 of FIG. 1A) which judgesthe reception intensity of an electromagnetic wave for conveying theabove-mentioned connection request broadcast by the above-mentionedtransmission means is higher than a preset threshold value, the keyinformation being generated by the above-mentioned other informationprocessing apparatus and encrypted with the above-mentioned public key;an establishment means (for example, the wireless communication controlunit 31 of FIG. 3 for performing the process in step S6 of FIG. 4) fordecrypting the above-mentioned key information, received by theabove-mentioned reception means, by using a secret key (for example, thesecret key Sk generated in step S2 of FIG. 4) corresponding to theabove-mentioned public key so as to establish wireless communications,encrypted by the above-mentioned key information (for example, thewireless communications in accordance with the IEEE 802.11communications standard or the Bluetooth communications standard), withthe above-mentioned other information processing apparatus, wherein theabove-mentioned establishment means establishes the above-mentionedwireless communications with the above-mentioned other informationprocessing apparatus when the reception intensity of an electromagneticwave which conveys the above-mentioned key information transmitted fromthe above-mentioned other information processing apparatus is higherthan a preset threshold value (for example, the PDA 1 of FIG. 1A forperforming the process in FIG. 6).

According to a preferred embodiment of the present invention, a firstinformation processing method is provided. The information processingmethod includes: a transmission step (for example, step S3 of FIG. 4) ofbroadcasting a connection request containing a public key (for example,the public key Pk generated in step S2 of FIG. 4) wirelessly means; areception step (for example, step S4 of FIG. 4) of receiving keyinformation (for example, the session key S) generated by theabove-mentioned other information processing apparatus (for example, theportable phone 2 of FIG. 1A) which judges the reception intensity of anelectromagnetic wave for conveying the above-mentioned connectionrequest broadcast by processing the above-mentioned transmission step ishigher than a preset threshold value; and an establishment step (forexample, step S6 of FIG. 4) of decrypting the above-mentioned keyinformation received by processing the above-mentioned reception step byusing a secret key (for example, the secret key Sk generated in step S2of FIG. 4) corresponding to the above-mentioned public key, so as toestablish wireless communications, encrypted by the above-mentioned keyinformation (for example, the wireless communications in accordance withthe IEEE 802.11 communications standard or the Bluetooth communicationsstandard), with the other information processing apparatus, wherein thewireless communications is established with the above-mentioned otherinformation processing apparatus, when the reception intensity of theelectromagnetic wave for conveying the key information transmitted fromother information processing apparatuses is higher than the presetthreshold value.

According to a preferred embodiment of the present invention, a firstcomputer program is provided. Also in the first computer program, thepreferred embodiment to which each step corresponds (however, anexample) is similar to the first information processing method of thepresent invention.

According to a preferred embodiment of the present invention, a secondinformation processing apparatus is provided. The information processingapparatus (for example, the portable phone 2 of FIG. 1A, the accesspoint 51 of FIG. 7A) includes: a reception means (for example, thewireless communication control unit 31 of FIG. 3 for performing theprocess in step S21 of FIG. 4) for receiving a connection requestcontaining a public key (for example, the public key Pk generated instep S2 of FIG. 4) transmitted from another information processingapparatus (for example, the PDA 1 of FIG. 1A); a generation means forgenerating key information (for example, the key information managementunit 34 of FIG. 3) when the reception intensity of an electromagneticwave which conveys the above-mentioned connection request is higher thana preset threshold value; a transmission means for encrypting theabove-mentioned key information, generated by the above-mentionedgeneration means, with the above-mentioned public key so as to betransmitted to the above-mentioned other information processingapparatus (for example, the wireless communication control unit 31 ofFIG. 3 for performing the process in step S26 of FIG. 4); and anestablishment means (for example, the wireless communication controlunit 31 of FIG. 3 for performing the process in step S27 of FIG. 4) forestablishing wireless communications with the above-mentioned otherinformation processing apparatus, the wireless communications beingencrypted by the above-mentioned key information (for example, thewireless communications in accordance with the IEEE 802.11communications standard or the Bluetooth communications standard).

The above-mentioned generation means can generate different keyinformation each time an electromagnetic wave which conveys theabove-mentioned connection request is received at a reception intensityhigher than the preset threshold value.

According to a preferred embodiment of the present invention, a secondinformation processing method is provided. The information processingmethod includes: a reception step (for example, step S21 of FIG. 4) ofreceiving a connection request containing a public key (for example, thepublic key Pk generated in step S2 of FIG. 4) transmitted from anotherinformation processing apparatus (for example, the PDA 1 of FIG. 1A); ageneration step (for example, step S24 of FIG. 4) of generating keyinformation when the reception intensity of an electromagnetic wavewhich conveys the above-mentioned connection request is higher than apreset threshold value; a transmission step (for example, step S26 ofFIG. 4) of encrypting the above-mentioned key information, generated byprocessing the above-mentioned generation step, by the above-mentionedpublic key, so as to be transmitted to the above-mentioned otherinformation processing apparatus; and a establishment step (for example,step S27 of FIG. 4) of establishing wireless communications with theabove-mentioned other information processing apparatus, the wirelesscommunications being encrypted by means of the above-mentioned keyinformation (for example, the wireless communications in accordance withthe IEEE 802.11 communications standard or the Bluetooth communicationsstandard).

According to a preferred embodiment of the present invention, a secondcomputer program is provided. Also in the second computer program, thepreferred embodiment (however, one example) to which each stepcorresponds is similar to the second information processing method ofthe present invention.

According to a preferred embodiment of the present invention, a thirdinformation processing apparatus is provided. The third informationprocessing apparatus (for example, a dummy point 101-1 of FIG. 10A)includes: a reception means (for example, a wireless communicationcontrol unit 121 of FIG. 11 for performing a process in step S161 ofFIG. 12) for receiving a connection request containing a public key (forexample, the public key Pk generated in step S182 of FIG. 12)transmitted from another information processing apparatus (for example,the PDA 1 of FIG. 1A); a generation means (for example, key informationmanagement unit 124 of FIG. 11) for generating key information when thereception intensity of a electromagnetic wave which conveys theabove-mentioned connection request is higher than a preset thresholdvalue; a first transmission means (for example, the wirelesscommunication control unit 121 of FIG. 11 for performing a process instep S166 of FIG. 12) for encrypting the above-mentioned keyinformation, generated by the above-mentioned generation means, by meansof the above-mentioned public key so as to transmit the above-mentionedencrypted key information to the above-mentioned other informationprocessing apparatus together with information for connecting to acommunication management device (for example, an access point 51 of FIG.10A) which manages wireless communication; and a second transmissionmeans (for example, a cable communication control unit 125 of FIG. 11for performing a process in step S167 of FIG. 12) for transmitting theabove-mentioned key information generated by the above-mentionedgeneration means to the above-mentioned communication management deviceby wire.

According to a preferred embodiment of the present invention, a thirdinformation processing method is provided. The third informationprocessing method includes: a reception step (for example, step S161 ofFIG. 12) of receiving a connection request containing a public key (forexample, the public key Pk generated in step S182 of FIG. 12)transmitted from another information processing apparatus (for example,the PDA 1 of FIG. 1A); a generation step (for example, step S164) ofgenerating key information when the reception intensity of anelectromagnetic wave which conveys the above-mentioned connectionrequest is higher than a preset threshold value; a first transmissionstep (for example, step S166 of FIG. 12) of encrypting theabove-mentioned key information, generated by processing theabove-mentioned generation step, by means of the above-mentioned publickey so as to transmits the above-mentioned encrypted key information tothe above-mentioned other information processing apparatus together withinformation for connecting to a communication management device (forexample, the access point 51 of FIG. 10A) which manages wirelesscommunication; and a second transmission step (for example, step S167 ofFIG. 12) of transmitting the above-mentioned key information generatedby processing the above-mentioned generation step to the above-mentionedcommunication management device by wire.

According to a preferred embodiment of the present invention, a thirdcomputer program is provided. Also in the third computer program, thepreferred embodiment (however, one example) to which each stepcorresponds is similar to the third information processing method of thepresent invention.

Hereinafter, the preferred embodiments of the present invention will bedescribed with reference to the attached figures.

In the communication system to which the present invention is applied,FIG. 1A and FIG. 1B are views showing a procedure of establishing ad hoccommunications between devices.

In the PDA 1 and the portable phone 2, for example, modules are includedrespectively which are capable of performing the wireless communicationsby means of the electromagnetic wave and which are complying with theIEEE (Institute of Electrical and Electronics Engineers) 802.11communications standard (IEEE 802.11a/b/g etc.) or the Bluetooth(Bluetooth) communications standard.

For example, when a user operates a button provided on a surface of thePDA 1 and instructs the PDA 1 to be connected, the connection requestcontaining an address of the PDA 1 etc. is broadcast from the PDA 1. Asshown in FIG. 1A, when the FDA 1 and the portable phone 2 are inproximity with each other, and when it is determined that the receptionintensity of the electromagnetic wave (electromagnetic wave whichconveys the connection request) from the PDA 1 is equal to or higherthan a preset threshold value, the portable phone 2 grants the requestfrom the PDA 1 and communicates with the PDA 1.

At this event, the portable phone 2 newly generates an encryption keyused for the communications with the PDA 1, and transmits the generatedencryption key and a communication parameter, such as the address of theportable phone 2 to the PDA 1. In addition, in the connection requestfrom the PDA 1, the public key generated by the PDA 1 is also contained,the encryption key (encryption key generated by means of the portablephone 2) encrypted by means of the public key and the communicationparameter are transmitted from the portable phone 2 to the PDA 1.

Since the PDA 1 has a secret key (an individual key) corresponding tothe public key which is broadcast and included in the connectionrequest, the encryption key and the communication parameter which aretransmitted from the portable phone 2 are acquired by using the secretkey. As shown in a solid line arrow of FIG. 1B, the wirelesscommunications complying with the IEEE 802.11 communications standard orthe Bluetooth communications standard is established with the portablephones 2. Then, encrypted communications by using the encryption keygenerated by the portable phone 2 are performed with the PDA 1 and theportable phones 2.

As described above, only when the reception intensity of the connectionrequest broadcast from one apparatus is equal to or higher than athreshold value, peer-to-peer type ad hoc communications not via theaccess point are started between both the devices. Therefore, withoutperforming complicated setups, the user can establish communicationspromptly by means of an intuitive operation of bringing the device heldby the user into proximity to a device by which the user intends toperform the wireless communications.

Further, since the encrypted communications are carried out by means ofthe encryption key generated by the portable phone 2 which is a devicehaving received the connection request, even when there is anotherdevice within an electromagnetic wave covering area, the apparatuscannot intercept the information transmitted and received between thePDA 1 and the portable phone 2. In other words, the user can promptlyestablish the wireless communications in which safety is also secured.The processing before the communications are established between the PDA1 and the portable phone 2 will be described later referring to a flowchart.

FIG. 2 is a block diagram showing an example a structure of the PDA 1.

A CPU (Central Processing Unit) 11 performs various types of processesaccording to a computer program loaded from a ROM (Read Only Memory) 12or a storage unit 18 into a RAM (Random Access Memory) 13. In the RAM13, data etc. are suitably stored which are necessary for the CPU 11 toperform various types of processes.

The CPU 11, the ROM 12, and the RAM 13 are mutually connected through abus 14, and an input/output interface 15 is also connected with the bus14.

Connected to the input/output interface 15 are various types of buttonsand jog dials; an input unit 16 which is a touch panel etc. andsuperposed on, for example an LCD (Liquid Crystal Display) constitutingan output unit 17; a display unit which is an LCD etc.; the output unit17 which is a speaker, etc; and the storage unit 18 which is a flashmemory etc.

Further, a wireless communication unit 19 which is a wirelesscommunication module complying with the IEEE 802.11 communicationsstandard or the Bluetooth communications standard is also connected tothe input/output interface 15. The wireless communication unit 19performs the wireless communications, complying with the IEEE 802.11communications standard, for example, with the portable phones 2, undercontrol of the CPU 11 through the bus 14 and the input/output interface15.

A drive 20 is also connected to the input/output interface 15 as needed.A magnetic disk 21, an optical disc 22, an optical magnetic disc 23, asemiconductor memory 24, etc. are suitably installed in the drive 20.

FIG. 3 is a block diagram showing an example of a functional structureof the PDA 1. Each function in FIG. 3 is realized by executing a controlprogram by means of the CPU 11 of FIG. 2.

The wireless communication control unit 31 establishes the wirelesscommunications with another device at the wireless communication unit 19of FIG. 2 and controls the established wireless communications. Further,the wireless communication control unit 31 has a connection requesttransmission unit 41 and an intensity judgment unit 42. The connectionrequest transmission unit 41 broadcasts the connection requestcontaining the public key and an address of the PDA 1 etc., according toinstructions from the user. The public key broadcast by the connectionrequest transmission unit 41 is generated and supplied by the keyinformation management unit 34. The intensity judgment unit 42 measuresthe reception intensity of the electromagnetic wave emitted, forexample, by an external device in the wireless communication unit 19,and determines whether or not the reception intensity is equal to orhigher than the threshold value.

By using the key information supplied from the key informationmanagement unit 34, an encryption/decryption processing unit 32 encryptsan information data to be transmitted to another device, and decryptsthe information data when the information data received from anotherdevice is encrypted.

A communication parameter management unit 33 manages various types ofparameters required for performing communications, for example, an ESSID(Extended Service Set ID) in the IEEE 802.11 communications, or aBluetooth address, a Bluetooth clock, etc. in the Bluetoothcommunications.

The key information management unit 34 manages the encryption keyprovided by the device of a communication counterpart, generates thepublic key and the secret key corresponding to the public key as needed,and manages their key information. The key information managed by thekey information management unit 34 is suitably provided for theencryption/decryption processing unit 32.

In addition, also the portable phone 2 of FIG. 1 fundamentally has thesame structure as the structures of FIG. 2 and FIG. 3, except that aprocessing unit for a sound signal which is inputted when the userspeaks and a communication unit for performing communications with abase station are added further. Therefore, hereafter, FIG. 2 and FIG. 3are suitably referred to the structure of the portable phone 2.

Next, referring to a flow chart of FIG. 4, a wireless communicationestablishment process performed by the PDA 1 and the portable phone 2 ofFIG. 1 will be described.

For example, when a connection button provided on a surface isdepressed, the input unit 16 of the PDA 1 receives an input (operationof the connection button) from the user in step S1.

In step S2, the key information management unit 34 generates and managesa pair of the public key Pk and the secret key Sk (secret key Sk whichcan decrypt the information data encrypted by means of the public keyPk) corresponding to the public key Pk. The key information managementunit 34 supplies the generated public key Pk to the wirelesscommunication control unit 31. Then, the communication parametercontaining the address of the PDA 1 etc. is also supplied from thecommunication parameter management unit 33 to the wireless communicationcontrol unit 31.

In step S3, the connection request transmission unit 41 controls thewireless communication unit 19 and broadcasts the connection requestcontaining the public key Pk and the communication parameter. Since theconnection request is not encrypted, a device which exists within acoverage area of the electromagnetic wave emitted from the wirelesscommunication unit 19 of a PDA 11 can receive the connection request andacquire the public key Pk, etc.

When the portable phone 2 is within the coverage area of theelectromagnetic wave from the PDA 1, in step S21 the wirelesscommunication control unit 31 of the portable phone 2 receives theconnection request transmitted from the PDA 1, and outputs the publickey Pk contained in the connection request to the encryption/decryptionprocessing unit 32. In step S22 the intensity judgment unit 42 of theportable phone 2 measures the reception intensity (reception intensityof the electromagnetic wave which conveys the connection request) of theconnection request, moves the process to step S23, and determineswhether or not the reception intensity is equal to or higher than thethreshold value.

In step S23, when it is determined that the reception intensity of theconnection request is lower than or equal to the threshold value, thenthe intensity judgment unit 42 terminates the process. Therefore, when adistance between the PDA 1 and the portable phone 2 is comparativelylarge, even if the portable phone 2 has received the connection request,subsequent communications are not performed between the PDA 1 and theportable phone 2.

On the other hand, in step S23 when it is determined that the receptionintensity of the connection request is equal to or higher than thethreshold value, the intensity judgment unit 42 grants the request fromthe PDA 1, and specifies the PDA 1 as a device of the communicationcounterpart. Therefore, as shown in FIG. 1A, when the connection requestis broadcast from the PDA 1 in proximity with the portable phone 2, thePDA 1 is specified as the device of the communication counterpart of theportable phone 2.

A field intensity of the electromagnetic wave (electric power densityper unit area) decreases inversely proportionally to the square of adistance from a transmission source, therefore, a device having receivedthe connection request can determine whether the device broadcasting theconnection request is the one in proximity or the one located in acomparatively distant position, based on the field intensity of thereceived electromagnetic wave.

For example, on the reception intensity in the portable phone 2, thereis a ten times difference between a packet transmitted from the devicein a position 10 cm away from the portable phone 2 and a packettransmitted from the device in a position 1 m away from the portablephone 2 (the intensity of the packet transmitted from the device whichis located in the position 10 cm away from the portable phone 2 is tentimes higher), so that the device which receives the connection requestcan substantially reliably determine whether or not the device whichtransmits it is the one in proximity, even if there are somewhatirregularities in the output.

Turning back to FIG. 4, when the PDA 1 is specified as the device of thecommunication counterpart, the key information management unit 34 of theportable phone 2, in step S24, generates the session key S which is acommon key. After the wireless communications are established with thePDA 1, the session key S is used for encrypting the transmitted andreceived information data and for decrypting the encrypted informationdata. In addition, the session key S is generated at random forconnection at this event. A different key is generated for each set ofthe processes of FIG. 4. The session key S generated by the keyinformation management unit 34, and the communication parameters, suchas the address of the portable phone 2, managed by the communicationparameter management unit 33 are outputted to the encryption/decryptionprocessing unit 32.

In step S25, the encryption/decryption processing unit 32 encrypts thesession key S and the communication parameter (Z=(the session key S, thecommunication parameter)) by using the public key Pk provided by the PDA1, and supplies the encrypted information data to the wirelesscommunication control unit 31. In step S26, the wireless communicationcontrol unit 31 returns the session key S encrypted by means of thepublic key Pk and the communication parameter to the PDA 1 as an ack (Z)(acknowledge (Z)). Thus, the session key S generated by the portablephone 2 is encrypted by means of the public key Pk and returned to thePDA 1, so that only the PDA 1 having the secret key Sk can decrypt andacquire the session key S.

The wireless communication control unit 31 of the PDA 1, in step S4,receives the ack (Z) returned from the portable phone 2, and outputs thereceived ack (Z) to the encryption/decryption processing unit 32.

In step S5, the encryption/decryption processing unit 32 of the PDA 1decrypts the ack (Z) returned from the portable phone 2 by using thesecret key Sk managed by the key information management unit 34, andacquires the communication parameter and the session key S generated bythe portable phone 2.

In step S6, by using the communication parameter acquired by theencryption/decryption processing unit 32, the wireless communicationcontrol unit 31 establishes the wireless communications with theportable phones 2, complying with the IEEE 802.11 communicationsstandard or the Bluetooth communications standard. On the other hand, instep S27, based on the communication parameter contained in theconnection request from the PDA 1, the portable phone 2 establishes thewireless communications with the PDA 1, complying with the IEEE 802.11communications standard or the Bluetooth communications standard.

At this event, in the case of the wireless communications complying withthe IEEE 802.11 communications standard, a MAC (Media Access Control)address, an IP address, the ESSID, etc. of both the devices are set upbetween the PDA 1 and the portable phones 2, and a setup by using thesession key S as a WEP (Wired Equivalent Privacy) key etc. areperformed. Further, in the case of the wireless communications complyingwith the Bluetooth communications standard, a setup based on theBluetooth address or a Bluetooth clock, a setting by using the sessionkey S as an encryption key etc. are performed.

After various types of setups are performed, the wireless communicationsencrypted by means of the session key S are started between the PDA 1and the portable phone 2. In addition, the wireless communicationsstarted here do not necessarily require both the devices to be inproximity to each other, but are effective within the coverage area ofthe electromagnetic wave.

As described above, based on the reception intensity of theelectromagnetic wave, it is arranged to determine whether or not adevice is a communication counterpart, so that the user can start thewireless communications only by bringing the devices into proximity.

Further, by using the wireless communication module (the wirelesscommunication unit 19 of FIG. 2) in accordance with the IEEE 802.11communications standard or the Bluetooth communications standard, it isarranged to determine whether or not the device is in proximity and totransmit and receive the communication parameter, so that it is notnecessary to provide the device with a dedicated module, such as the RFtag, the reader/writer, the infrared module, etc. only for detecting aneighboring device and for transmitting and receiving an informationdata required for establishing communications. Therefore, as comparedwith the case of preparing such a dedicated module, production costs ofthe device can be reduced.

Further, since the wireless communications encrypted by means of thenewly generated session key are carried out, an interception, afalsification etc. by a third party can be prevented.

FIG. 5 is a flow chart for explaining a process before the wirelesscommunications complying with the IEEE 802.11 communications standardbetween the PDA 1 and a portable phone 2 of FIG. 1 are established. Aprocess in FIG. 5 is basically similar to the process in FIG. 4, and itsdetailed description will be properly omitted.

In step S41 when the operation, by the user, of the connection button isreceived by the input unit 16, then in step S42 the key informationmanagement unit 34 of the PDA 1 generates the pair of the public key Pkand the secret key Sk. In step S43 the connection request transmissionunit 41 broadcasts the connection request containing the public key Pkgenerated by the key information management unit 34 and thecommunication parameter managed by the communication parametermanagement unit 33.

In step S61 the wireless communication control unit 31 of the portablephone 2 which exists within the coverage area of the electromagneticwave from the PDA 1 receives the connection request. In step S62 theintensity judgment unit 42 measures the reception intensity of theconnection request, moves the process to step S63, and determineswhether or not the reception intensity is equal to or higher than athreshold value.

In step S63 when it is determined that the reception intensity of theconnection request is lower than the threshold value, the intensityjudgment unit 42 terminates the process. On the other hand, when it isdetermined that it is equal to or higher than the threshold value, thePDA 1 is specified as the device of the communication counterpart. Whenthe PDA 1 is specified as the device of the communication counterpart,in step S64 the key information management unit 34 of the portable phone2 newly generates a WEP key to be used for the wireless communicationswith the PDA 1 in accordance with the IEEE 802.11 communicationsstandard, and the communication parameter management unit 33 newlygenerates an ESSID which identifies the communications. The thusgenerated ESSID and the WEP key are outputted to theencryption/decryption processing unit 32.

In step S65 the encryption/decryption processing unit 32 encrypts theESSID and the WEP key (Z=(the ESSID, the WEP key)) by using the publickey Pk, the encrypted information data is supplied to the wirelesscommunication control unit 31. In step S66 the wireless communicationcontrol unit 31 returns the ack (Z) containing the encrypted ESSID andWEP key to the PDA 1. In this way the newly generated ESSID and WEP keyare encrypted by means of the public key Pk provided by the PDA 1 andreturned to the PDA 1, so that only the PDA 1 having the secret key Skcan decrypt and acquire the ESSID and the WEP key.

In step S44 the wireless communication control unit 31 of the PDA 1receives the ack (Z) returned from the portable phone 2. In step S45 theencryption/decryption processing unit 32 decrypts the ack (Z) by usingthe secret key Sk managed by the key information management unit 34, andacquires the ESSID and the WEP key generated by the portable phone 2.

In step S46, based on the acquired ESSID and the WEP key, the wirelesscommunication control unit 31 establishes the wireless communicationswith the portable phones 2, complying with the IEEE802.11 communicationsstandard. On the other hand, in step S67, similar to the wirelesscommunication control unit 31 of the PDA 1, based on the informationincluded in the connection request, the wireless communication controlunit 31 of the portable phone 2 establishes the wireless communicationswith the PDA 1, complying with the IEEE 802.11 communications standard.

As described above, by bringing devices into proximity to each other,the user can establish the wireless communications between the devices,complying with the IEEE 802.11 communications standard in which securityis ensured. Further, in order to establish the wireless communication,it is not necessary to provide both the devices with modules for shortdistance communications other than the communication modules inaccordance with the IEEE 802.11 communications standard.

Referring now to a flow chart of FIG. 6, another wireless communicationestablishment process performed by the PDA 1 and the portable phone 2 ofFIG. 1 will be described.

The process in FIG. 6 is similar to the process as described above withreference to FIG. 4, except that the PDA 1 determines whether or not thereception intensity of the ack (Z) returned from the portable phone 2 tothe PDA 1 is equal to or higher than the threshold value. Thus, possibledouble descriptions will be suitably omitted.

In step S84 when the ack (Z) containing the session key S and thecommunication parameter which are encrypted by the public key Pk arereceived by the wireless communication control unit 31 of the PDA 1,then in step S85 the intensity judgment unit 42 of the PDA 1 determineswhether or not the reception intensity of the electromagnetic wave whichconveys the ack (Z) is equal to or higher than the threshold value. Instep S85 when it is determined that the reception intensity is lowerthan or equal to the threshold value, the intensity judgment unit 42notifies the portable phone 2, for example, that communications cannotbe carried out, and terminates the process.

Thus, they are in proximity when transmitting the connection request (atthe time of carrying out the process in step S83). For example, if theyare separated immediately after that, the wireless communications arenot performed between the PDA 1 and the portable phone 2.

In step S85, when it is determined that the reception intensity of areply from the portable phone 2 is equal to or higher than the thresholdvalue, i.e., when it is determined that a status is continuing where thePDA 1 and the portable phone 2 are in proximity to each other, it movesthe process to step S86. The encryption/decryption processing unit 32 ofthe PDA 1 decrypts the ack (Z) by using the secret key Sk, and acquiresthe session key S and communication parameter which are generated by theportable phone 2. Then, by using the session key S and the communicationparameter which are acquired by the encryption/decryption processingunit 32, the wireless communication control unit 31 establishes thewireless communications with portable phones 2.

As described above, the PDA 1 is caused to determine the receptionintensity of the reply to the connection request, to thereby reliablyspecify the device which establishes the wireless communications andprevent the wireless communications from being established with thedevices which are not intended by the user.

Further, the communication is not performed even with a device which isnot actually in proximity but broadcasts the connection request at ahigh output level from a distant position. In other words, when thejudgment of the reception intensity of the reply to the connectionrequest is not carried out in the PDA 1, the PDA 1 broadcasts theconnection request at a high output level from the position distant fromthe portable phone 2, so that the portable phone 2 determines that thePDA 1 is in proximity (the process in step S103 determines that thereception intensity is equal to or higher than the threshold value).Then, the wireless communications are established between the PDA 1 andthe portable phone 2. The PDA 1 may also be caused to determine thereception intensity of the electromagnetic wave, to thereby prevent thewireless communications as described above from being established. Thatis to say, the communications are established only between the deviceswhich are actually in proximity to each other.

In addition, when both devices transmit the connection request and thereply (ack (Z)) corresponding to it at a high output level, thecommunications are established between the devices even when they arenot in proximity to each other, so that the broadcast connection requestand the reply corresponding thereto may include an information dataindicating an output level of the electromagnetic wave.

Further, the PDA 1 having transmitted the connection request may notmeasure the reception intensity of the reply from the portable phone 2so as to determine whether or not to carry out communications, but theoutput of the reply from the portable phone 2 may be restricted in orderfor the electromagnetic wave which conveys ack (Z) to cover only a smallarea. This may prevent the communications from being established betweenthe device which broadcasts the connection request from the distantposition at a high output level and the device which receives it.

A case has been described above where the ad hoc communications areestablished by bringing the devices into proximity to each other.Similarly, infrastructure communications can also be established bybringing a device into proximity to an access point.

FIGS. 7 A and 7B are views for explaining a procedure of establishingthe infrastructure communications in the communication system to whichthe present invention is applied.

Similar to the PDA 1, the access point 51 includes therein the wirelesscommunication module complying with the IEEE 802.11 communicationsstandard or the Bluetooth communications standard, for example.

For example, as shown in FIG. 7A, when the user instructs the PDA 1 heldby the user to connect to the access point 51, with the FDA 1 beingbrought into proximity to the access point 51, the connection request isbroadcast from the PDA 1. When the access point 51 determines that thereception intensity is equal to or higher than a preset threshold value,the communication parameter, such as the ESSID, and the WEP keys, aregenerated by the access point 51. The generated communication parameterand the WEP key are encrypted by the public key which is included in theconnection request and supplied from the PDA 1 to the access point 51,then returned to the PDA 1. Based on the ESSID and WEP key, the PDA 1connects to the access point 51.

Further, before the PDA 1 connects to the access point 51, when thenetwork to which another device belongs to is already managed by theaccess point 51, the device is notified of the newly generated ESSID andthe WEP key, the setup is changed in each device. In this way, thenetwork is formed containing the device already connected to the accesspoint 51 and the PDA 1 newly connected to the access point 51.

For example, as shown in FIG. 7B, before the PDA 1 connects to theaccess point 51, when the network constituted by a device 52 and adevice 53 is managed by the access point 51, the ESSID and the WEP keynewly generated corresponding to receiving a connection request from thePDA 1 are notified also to the device 52 and the device 53, thuschanging the setup in each device. In this way, a network 61 is newlyformed by the PDA 1, the device 52, and the device 53 (an infrastructureconnection type wireless communications are established).

Therefore, the user can cause the PDA 1 to participate in the networkpromptly by just bringing the PDA 1 into proximity to the access point51, without performing complicated operations, such as setting the sameESSID and the same WEP key as those set in another device to, the PDA 1.

Further, since a network setup is changed in each device by means of theESSID and the WEP key having newly generated by the access point 51, amore secure network can be formed. For example, even when the ESSID andthe WEP key are known to those who are malicious, each time a new deviceparticipates in the network, the ESSID and the WEP key are updated, sothat the ESSID and the WEP key known to those who are malicious cannotintercept the information data transmitted and received in the networkwhere the setup is updated.

FIG. 8 is a block diagram showing an example of a functional structureof the access point 51. In addition, the access point 51 hassubstantially the same structure as the structure of the PDA 1 as shownin FIG. 2. Therefore, FIG. 2 is suitably referred to as a structure forthe access point 51.

The wireless communication control unit 71 of FIG. 8 controls thewireless communications with another device performed in the wirelesscommunication unit 19 of FIG. 2. The wireless communication control unit71 has a network management unit 81 and an intensity judgment unit 82.The network management unit 81 provides a router function or a DHCP(Dynamic Host Configuration Protocol) function to the devices whichparticipate in the network, and performs a process of notifying thedevices having already participated in the network of the newlygenerated ESSID and the WEP key. Similar to the intensity judgment unit42 of the PDA 1 of FIG. 3, the intensity judgment unit 82 measures thereception intensity of the electromagnetic wave emitted by an externaldevice, and determines whether or not the reception intensity is equalto or higher than the preset threshold value.

An encryption/decryption processing unit 72 encrypts the informationdata to be transmitted to another device, and decrypts the informationreceived from another device when it is encrypted.

A communication parameter management unit 73 manages various types ofparameters required for performing communications, for example, theESSID in the IEEE 802.11 communications or the Bluetooth address, theBluetooth clock etc. in the Bluetooth communications.

Key information management unit 74 generates encryption keys, such asthe WEP key provided for the device participating in the network.

Next, referring to a flow chart of FIG. 9, the wireless communicationestablishment process performed between the PDA 1 and the access point51 of FIG. 7A will be described.

When the operation button is depressed and the PDA 1 is instructed bythe user to participate in the network, in step S121, the input unit 16of the FDA 1 receives such instructions. In step S122, the keyinformation management unit 34 generates the public key Pk and thesecret key Sk corresponding to the public key Pk. In step S123, theconnection request transmission unit 41 broadcasts the connectionrequest containing the public key Pk and the communication parameter.

The wireless communication control unit 71 of the access point 51 whichexists within the coverage area of the electromagnetic wave from the PDA1 receives the connection request broadcast by the PDA 1, in step S141.In step S142, the intensity judgment unit 82 of the access point 51measures the reception intensity of the connection request, and movesthe process to step S143 so as to determine whether or not the measuredreception intensity is equal to or higher than the threshold value.

In step S143, when it is determined that the reception intensity of theconnection request is lower than or equal to the threshold value, theintensity judgment unit 82 terminates the process. On the other hand,when it is determined that is equal to or higher than the thresholdvalue, it grants the request from the PDA 1, and allows participation inthe network.

In step S144, the communication parameter management unit 73 and the keyinformation management unit 74 of the access point 51 newly generates anESSID and a WEP key respectively, and outputs the generated ESSID andWEP key to the encryption/decryption processing unit 72.

In step S145, the encryption/decryption processing unit 72 encrypts theESSID and the WEP key (Z=(the ESSID. the WEP key)) by using the publickey Pk provided by the PDA 1, and outputs the encrypted information datato the wireless communication control unit 71. In step S146, the networkmanagement unit 81 returns the encrypted ESSID and the encrypted WEP keyas the ack (Z) to the PDA 1.

Further, when the network constituted by a plurality of devices isalready managed, the network management unit 81, in step S147, providesthe ESSID and the WEP key generated in step S144 to all the devicesparticipating in the network, and updates the setup in each device. Forexample, since the newly generated ESSID and WEP key are transmitted toeach device by encrypting by means of the WEP key having so far used inthe network, the newly generated ESSID and WEP key are not interceptedby a third party.

On the other hand, the wireless communication control unit 31 of the PDA1, in step S124, receives the ack (Z) returned from the access point 51.In step 125, the encryption/decryption processing unit 32 decrypts theack (Z) by using the secret key Sk, to thereby acquire the ESSID and theWEP key generated by the access point 51.

In step S126, based on the ESSID and the WEP key acquired by theencryption/decryption processing unit 32, the wireless communicationcontrol unit 31 connects to the access point 51 so as to participate inthe network managed by the access point 51.

In this way, the infrastructure connection type network is formed whichis constituted by devices identified by the ESSID which is newlygenerated by the access point 51, so that it becomes possible totransmit and receive the information through the access point 51 betweenthose devices.

As described above, the user can establish even infrastructurecommunications by just bringing the device held by the user intoproximity to the access point and build a network, without preparingmodules, such as the RF tag, the reader/writer, etc., in addition to themodules in accordance with the IEEE 802.11 communications standard etc.Further, since the ESSID and the WEP key are newly generated so as tochange the setup in each device participating in the network, the usercan build a more secure network.

As described above, the user brings the device held by the user intoproximity to the access point, so as to cause the device to participatein the network. However, a case often occurs in which the access pointis provided in a position to which the user cannot bring the device intoproximity, such as the vicinity of ceiling indoors, for example.Therefore, apart from the access point provided in the vicinity of theceiling etc., the user may provide a dummy point which does not have thefunction of managing the network, only by providing the newly generatedESSID and the WEP key in a position to which the user can easily bringthe device into proximity. In this case, by bringing the device held bythe user into proximity to the dummy point, the user can cause thedevice to participate in the network managed by the access point.

FIGS. 10A and 10B are views showing a procedure of establishing theinfrastructure communications by bringing the device into proximity tothe dummy point in the communication system to which the presentinvention is applied.

Unlike the access point 51, the dummy point 101-1 and the dummy point101-2 of FIG. 10A are provided in positions to which the user can easilybring the PDA 1 into proximity, and respectively connected to the accesspoint 51 by wire through a cable 111-1 and a cable 111-2.

The dummy point 101-1 and the dummy point 101-2 have the wirelesscommunication functions complying with the IEEE 802.11 communicationsstandard or the Bluetooth communications standard, and provide the PDA 1with the newly generated ESSID and the WEP key when it is determinedthat the PDA 1 is brought into proximity according to the receptionintensity of the electromagnetic wave. Further, at this event, the dummypoint 101-1 and the dummy point 101-2 transmit the same ESSID and theWEP key as those provided by the PDA 1, to the access point 51 throughthe cable 111-1 and the cable 111-2.

The subsequent processes are similar to those in the case of FIGS. 7Aand 7B. In other words, the access point 51 notifies the ESSID and theWEP key notified by the dummy point 101-1 or the dummy point 101-2 toall the devices having already participated in the network, causes themto update the setups, and grants the connection of the PDA 1 havingacquired the ESSID and the WEP key from the dummy point 101-1 or thedummy point 101-2, whereby the network 61 containing the PDA 1 is formedas shown in FIG. 10B.

In this way, even when the access point 51 is provided in a position towhich the PDA 1 cannot be brought into proximity, the user can cause thePDA 1 to participate in the network managed by the access point 51, bybringing the PDA 1 into proximity to the dummy point 101-1 or the dummypoint 101-2.

FIG. 11 is a block diagram showing an example of a functional structureof the access point 51 and the dummy point 101-1. In addition, also thedummy point 101-2 has the same structure of the dummy point 101-1 asshown in FIG. 11, and is connected with the access point 51. The samereference numerals are used for the same parts as in the access point 51of FIG. 8.

Also the dummy point 101-1 has the same structure as that of the accesspoint 51 of FIG. 8, except that a functional unit for managing thenetwork is not provided. That is to say, the wireless communicationcontrol unit 121 controls the wireless communications complying with theIEEE 802.11 communications standard or the Bluetooth communicationsstandard performed between the devices which are in proximity to eachother; an intensity judgment unit 131 measures the reception intensityof the electromagnetic wave emitted from the external device anddetermines whether or not the reception intensity is equal to or higherthan the preset threshold value.

By using the public key Pk which is included in the connection requestand provided by the PDA 1, an encryption processing unit 122 encryptsthe ESSID generated by a communication parameter management unit 123 andthe WEP key generated by the key information management unit 124, so asto be provided from the wireless communication control unit 121 to thePDA 1.

The communication parameter management unit 123 manages thecommunication parameters, such as the ESSID etc. The key informationmanagement unit 124 generates the WEP key to be provided for the PDA 1,etc., which is in proximity. The ESSID managed by the communicationparameter management unit 123 and the WEP key managed by the keyinformation management unit 124 are outputted to the encryptionprocessing unit 122, and also to the cable communication control unit125.

The cable communication control unit 125 manages wired communicationswith the access points 51, and transmits the ESSID supplied from thecommunication parameter management unit 123 and the WEP key suppliedfrom the key information management unit 124, to the access point 51through the cable 111-1.

A cable communication control unit 141 of the access point 51 receivesthe ESSID and the WEP key which are transmitted from the dummy point101-1, and outputs them to the wireless communication control unit 71.The network management unit 81 of the wireless communication controlunit 71 transmits the ESSID and the WEP key which are transmitted fromthe dummy point 101-1, to all the devices that have participated in thenetwork wirelessly means so as to update the setup. Further, the networkmanagement unit 81 grants the connection from the PDA 1 having acquiredthe ESSID and the WEP key provided through the dummy point 101-1, andcauses the PDA 1 to participate in the network.

Next, referring to a flow chart of FIG. 12, the communicationestablishment process performed by the PDA 1, the access point 51, andthe dummy point 101-1 of FIG. 10A will be described.

By bringing the PDA 1 into proximity to the dummy point 101-1, theprocess performed between the PDA 1 and the dummy point 101-1 is similarto the processing performed between the PDA 1 and the access points 51as described with reference to the FIG. 5, FIG. 9, etc.

In other words, in step S181, the input unit 16 of the PDA 1, forexample, receives the operation of the connection button performed bythe user, with the FDA 1 being in proximity to the dummy point 101-1. Instep S182, the key information management unit 34 generates the publickey Pk and the secret key Sk corresponding to the public key Pk. Theconnection request transmission unit 41, in step S183, broadcasts theconnection request containing the public key Pk and the communicationparameter.

The wireless communication control unit 121 of the dummy point 101-1, instep S161, receives the connection request broadcast from the PDA 1. Instep S162, the intensity judgment unit 131 measures the receptionintensity of the connection request, then moves the process to step S163so as to determine whether or not the reception intensity is equal to orhigher than the threshold value.

In step S163, if it is determined that the reception intensity of theconnection request is lower than the threshold value, the intensityjudgment unit 131 terminates the process. On the other hand, if it isdetermined that the intensity is equal to or higher than the thresholdvalue, the process moves to step S164.

In step S164 the communication parameter management unit 123 of thedummy point 101-1 newly generates an ESSID, and outputs the generatedESSID to the encryption processing unit 122 and the cable communicationcontrol unit 125. Further, the key information management unit 124 newlygenerates a WEP key, and outputs the generated WEP key to the encryptionprocessing unit 122 and the cable communication control unit 125.

In step S165, the encryption processing unit 122 encrypts the ESSID andthe WEP key (Z=(the ESSID, the WEP key)) by means of the public key Pk,and outputs the encrypted information data to the wireless communicationcontrol unit 121. In step S166, the wireless communication control unit121 returns the encrypted ESSID and WEP key as the ack (Z) to the PDA 1.

In step S167, the cable communication control unit 125 transmits theESSID supplied from the communication parameter management unit 123 andthe WEP key supplied from the key information management unit 124, tothe access point 51 by the cable through the cable 111-1. At this event,the information data other than the ESSID and the WEP key, such as theMAC address of the PDA 1 is also transmitted to the access point 51 andused for the access control in the access point 51.

On the other hand, in step S184, the wireless communication control unit31 of the PDA 1 receives the ack (Z) returned from the dummy point101-1. In step S185, the encryption/decryption processing unit 32decrypts the ack (Z) by using the secret key Sk so as to acquire theESSID and the WEP key.

In step S186, based on the ESSID and the WEP key acquired by theencryption/decryption processing unit 32, the wireless communicationcontrol unit 31 establishes the wireless communications complying withthe IEEE 802.11 communications standard and connects to the access point51. At this event, having received the ESSID and the WEP key transmittedby wire in step S201, the network management unit 81 of the access point51 moves to a process in step S202, transmits the ESSID and the WEP keywirelessly means to the device which has already participated in thenetwork and updates the setup.

In this way, the infrastructure connection type network is constitutedby a group of the devices containing the PDA 1 which is identified bythe ESSID newly generated by the dummy point 101-1, and the transmissionand reception of the information data through the access point 51 areperformed between networks.

According to the above processing, even when the access point 51 isprovided in a position to which the PDA 1 cannot directly be broughtinto proximity, the user can cause the PDA 1 to participate in thenetwork managed by the access point 51, by bringing the PDA 1 intoproximity to the dummy point 101-1 etc.

In addition, when the PDA 1 is brought into proximity to the dummypoint, the PDA 1 is provided with a URL (Uniform Resource Locator) of acertain site through the dummy point, other than the information data,such as the ESSID and the WEP key. After the PDA 1 is connected to theaccess point 51 by performing the process of FIG. 12, the PDA 1 may haveaccess to a site specified by the URL through the access point 51.

FIG. 13 is a view showing an example of a structure of the communicationsystem in which the connection to the access point 51 is made by the PDA1 based on URL provided through the dummy point, and then subsequentlythe access to the site specified by the URL is carried out.

In FIG. 13, presentation units 151-1 through 151-3 constituted by adisplay, such as an LCD, a poster, etc., are provided on a wall surface.For example, an advertisement of a camera is presented by thepresentation unit 151-1, a map is presented by the presentation unit151-2, and an advertisement of a personal computer is presented by thepresentation unit 151-3.

The dummy points 101-1 through 101-3 connected to the access point 51through a cable (not shown) are respectively provided directly below thepresentation units 151-1 through 151-3. In addition, the access point 51is provided in the position, above the wall surface, to which it isdifficult for the user to bring the PDA 1 into proximity.

In addition to the ESSID and the WEP key for connecting to the accesspoint 51, the dummy point 101-1 provides the PDA 1 with a URL of anadvertising site which provides detailed information on the camerapresented by the presentation unit 151-1. In addition to the ESSID orthe WEP key, the dummy point 101-2 provides the PDA 1 with a URL of asite which provides detailed information on the map presented by thepresentation unit 151-2. Further, in addition to the ESSID or the WEPkey for connecting to the access point 51, the dummy point 101-3provides the PDA 1 with a URL of an advertising site which providesdetailed information on the personal computer presented by thepresentation unit 151-3.

Therefore, for example, as shown in FIG. 13, when the user brings thePDA 1 into proximity to the dummy point 101-1, the connection to theaccess point 51 is made by the performing the process in FIG. 12 bymeans of the PDA 1. After that, based on the URL provided from the dummypoint 101-1, the access to the advertising site of the camera presentedby the presentation unit 151-1 is carried out. When the access to theadvertising site of the camera is carried out, the detailed informationabout the camera is displayed on a screen of the PDA 1. Thus, the usermay only bring the PDA 1 into proximity to the advertisement (the dummypoint) so as to check the detailed information about an articleintroduced by the advertisement on the screen of the PDA 1.

In addition, the presentation units 151-1 through 151-3 and the dummypoints 101-1 through 101-3 are disposed in different positions in theexample of FIG. 13. However, when the presentation units 151-1 through151-3 are the posters of paper media, the dummy points 101-1 through101-3 may be provided on the backs respectively. Thus, the user cancheck the detail of the articles by using the PDA 1 by way of moreintuitive operation, such as holding the PDA 1 over the advertisement.

In the above description, in order to establish the communications onlybetween the devices which are actually in proximity to each other, thereception intensity of the reply to the connection request is measuredon the PDA 1 side which is the device to broadcast the connectionrequest (for example, FIG. 6). As shown in FIG. 13 and others, based onthe reception intensity of each of the connection requests in the dummypoints 101-1 through 101-3, the access point 51 may alternativelydetermine whether or not the PDA 1 is actually in proximity to any ofthe dummy points, and determine whether or not to grant the connection.

FIGS. 14A and 14B are views showing an example of a spatial relationshipamong the PDA 1 and the dummy points 101-1 through 101-3.

Having received the connection request broadcast by the PDA 1, the dummypoints 101-1 through 101-3 respectively notify the reception intensityto the access point 51 through the cable 111-1 through 111-3.

For example, as shown in FIG. 14A, based on the reception intensity ofthe connection request received in each of the dummy points 101-1through 101-3, the access point 51 grants the request from the PDA 1only when the PDA 1 has judged it is in sufficiently proximity to onedummy point 101-2 as compared with distances to the other two.

Therefore, when the PDA 1 is located in a position P1, since thereception intensity at the dummy point 101-2 is higher than thereception intensities at the dummy point 101-1 and the dummy point101-3, the access point 51 judges the PDA 1 is in proximity to the dummypoint 101-2, and grants the connection from the PDA 1. On the otherhand, for example, the PDA 1 is located in the position P2 somewhatabove the position P1, and the reception intensities of the connectionrequests at the dummy point 101-1 and the dummy point 101-2 are measuredand result in substantially the same, so that the access point 51 doesnot allow the connection of the PDA 1.

As described above, it is possible to determine more reliably whetherthe PDA 1 is in proximity to the dummy point by comparing the receptionintensities at respective dummy points. Further, the PDA 1 broadcastingthe connection request at a high output level can be prevented fromconnecting even when not in actual proximity to the dummy point.

For example, as shown in FIG. 14B, when the PDA 1 is not brought intoproximity to any of the dummy points, the reception intensities of theconnection requests received at the dummy points 101-1 though 101-3 arerespectively measured as being of the same level. In this case, theconnection of the PDA 1 to the access point 51 is not granted.

When the PDA 1 of FIG. 14B broadcast the connection request at a highoutput level and the reception intensity of the connection request ateach dummy point is not compared, if the reception intensity is equal toor higher than the predetermined threshold value, then the access to theaccess point 51 is granted. However, it can be prevented by comparingthe reception intensities of the connection requests at respective dummypoints. That is to say, it is possible to prevent the device which isnot in proximity to any of the dummy points from gaining access to theaccess point 51.

Referring now to a flow chart of FIG. 15, as described above, based onthe reception intensity of the connection request at each dummy point, aprocess will be described of the access point 51 which determineswhether or not to grant the connection.

In step S211, the network management unit 81 (FIG. 11) acquires thereception intensities of the connection requests at the dummy points101-1 through 101-3, via the cable communication control unit 141.

In step S212, as compared with the other two dummy points, the networkmanagement unit 81 determines whether or not there is a dummy pointwhich provides high reception intensity. For example, ratios of thereception intensities of the connection requests in the three dummypoints are calculated, and for the highest ratio of them, it isdetermined whether or not it is higher than the preset threshold value.

When it is determined that there is not such a dummy point in step S212,the network management unit 81 terminates the process. Thus, as shown inFIG. 14B, for example, the connection of a device which is not inproximity to any dummy point is not granted.

On the other hand, when it is determined in step S212 that there is adummy point which provides high reception intensity as compared with theother two dummy points, the network management unit 81 moves the processto step S213, judges the device is in sufficiently proximity to thedummy point which provides a high reception intensity, and grants theconnection of the device. After that, based on the ESSID and the WEP keywhich are provided through the dummy point, the device granted to beconnected is connected with the access point 51.

In the above description, although it has been assumed that thereception intensities of the connection requests at the three dummypoints 101-1 through 101-3 are compared, the number of the dummy pointsis not restricted to three. That is to say, by comparing the receptionintensities of the connection requests, any number of dummy points maybe provided, if it is possible to determine whether or not a device isin proximity to any of the dummy points.

Further, in the above description, although it has been described thatthe dummy points are provided and fixed to the wall surface, etc., theymay be prepared as portable device as shown in FIG. 16, for example.

FIG. 16 is a view showing a situation where a portable dummy point 121(hereinafter, referred to as the portable dummy point 121) and apersonal computer 122 are in proximity to each other.

The portable dummy point 121 is brought into proximity to the personalcomputer 122. As described above with reference to FIG. 12, when it isdetermined that the reception intensity of the electromagnetic wavetransmitted from the personal computer 122 is higher than thepredetermined threshold value, it generates the ESSID and the WEP key,etc., and provides them to the personal computer 122. Further, at thisevent, the portable dummy point 121 transmits those information dataprovided for the personal computer 122 also to an access point (notshown), and changes setup of the access point so that access from thepersonal computer 122 can be granted.

In this way, the personal computer 122 can participate in the networkmanaged by the access point.

The portable dummy point 121, for example, is prepared in a space whichprovides wireless Internet connection services like Hotspot (atrademark). In this case, for example, an administrator of services ownsthe portable dummy point 121, and the administrator brings the portabledummy point 121 into proximity to a personal computer of a user havingpaid service charges, then the portable dummy point 121 is utilized bygranting connection to the Internet etc.

Further, in the case where the portable dummy point 121, for example, isprepared for a conference room, etc., each participant at the meetingbrings the portable dummy point 121 into proximity to his or herpersonal computer, and then the portable dummy point 121 is utilizedwhen building a network constituted by the participant's personalcomputer.

In addition, when transmitting the information data, such as the ESSIDand the WEP key, from the portable dummy point 121 to the access point,the transmission may be carried out when the portable dummy point 121and an access point are in proximity to each other and when the judgmentis performed based on the intensity of the received electromagnetic waveas described above, so that the intensity is judged to be equal to orhigher than the threshold value. Naturally, the transmission of theinformation data, such as the ESSID and the WEP key, from the portabledummy point 121 to the access point may be performed by wire through thecable which is connected to the portable dummy point 121, or wirelesslyfor relatively short distances using a contactless IC tag, infraredrays, etc., whereby, the information data, such as the ESSID and the WEPkey, can be prevented from being known to a third party.

A series of processes as described above can be performed by means ofhardware and also by way of software.

When a series of processes are performed by way of software, a computerprogram which constitutes the software is installed, over the network orfrom the recording medium, in a computer built in dedicated hardware ora general purpose personal computer in which various types of programsare installed so as to execute various types of functions, for example.

As shown in FIG. 2, the recording medium may be not only package mediaincluding the magnetic disk 21 (including a flexible disk), the opticaldisks 22 (including a CD-ROM (Compact Disk-Read Only Memory), a DVD(Digital Versatile Disc)), the magneto-optical disks 23 (including an MD(a registered trademark) (Mini-Disc)), or the semiconductor memory 24which are apart from the apparatus itself, distributed in order toprovide the user with the program and have recorded therein the program,but also the ROM 12 and the storage unit 18 on which the program isrecorded and which are provided for the user, being pre-installed in theapparatus itself.

In addition, in the specification, steps which describe the computerprogram recorded in the recording medium include processes performed inchronological order according to the description but also processescarried out in parallel or individually, even if they are notnecessarily processed in chronological order.

Further, in this specification, the word system can be used to mean awhole arrangement constituted by a plurality of apparatuses.

It is therefore to be observed that the present invention is not limitedto the above-mentioned examples of preferred embodiments, which aremerely descriptions of the present invention in its preferred form undera certain degree of particularity. They are by no means to be construedso as to limiting the scope of the present invention and, accordingly,it is to be understood by those of ordinary skill in the art that manyother changes, variations, combinations, sub-combinations and the likeare possible therein without departing from the scope and spirit of thepresent invention.

1.-14. (canceled)
 15. An information providing apparatus comprising: aproviding unit configured to provide connection information and addressinformation on network to an external device when the external device islocated into proximity to the information providing apparatus, theconnection information is used for a communication establishment toaccess a site of the address information.
 16. The information providingapparatus according to the claim 15, wherein the providing unitconfigured to provide the connection information and address informationto the external device by near field communication.
 17. The informationproviding apparatus according to the claim 15, wherein the connectioninformation is key information to establish a communication with anaccess point.
 18. The information providing apparatus according to theclaim 15, further comprising: a presentation unit capable of showing anadvertisement; and wherein the address information is associated withthe advertisement.
 19. The information providing apparatus according tothe claim 18, wherein the address information is a URL to provide a mapinformation.